This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfiguratio...
Install with Tessl CLI
npx tessl i github:sickn33/antigravity-awesome-skills --skill cloud-penetration-testing
84
Quality
68%
Does it follow best practices?
Impact
96%
1.20x
Average score across 6 eval scenarios
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/cloud-penetration-testing/SKILL.md
Discovery
72%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description has strong trigger term coverage with specific cloud providers and security testing terminology, making it highly distinctive. However, it appears to focus primarily on 'when to use' conditions without clearly articulating the specific capabilities and actions the skill performs. The truncation also suggests the description may be overly long.
Suggestions
Restructure to clearly separate capabilities ('Performs cloud penetration testing, enumerates resources, identifies misconfigurations...') from trigger conditions ('Use when...')
Ensure the description is concise enough to not be truncated - aim for 1-2 sentences covering both what and when
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description names the domain (cloud penetration testing) and mentions some actions like 'enumerate cloud resources' and 'exploit cloud misconfiguration', but the truncation prevents seeing the full list of concrete actions. What's visible shows domain-specific actions but not a comprehensive list. | 2 / 3 |
| Completeness | The description starts with 'This skill should be used when...' which addresses the 'when' aspect, but the structure appears to only list trigger conditions without clearly separating 'what it does' capabilities. The 'what' is implied through the trigger phrases rather than explicitly stated. | 2 / 3 |
| Trigger Term Quality | Includes excellent natural trigger terms users would actually say: 'cloud penetration testing', 'Azure', 'AWS', 'GCP', 'security', 'enumerate cloud resources', 'exploit cloud misconfiguration'. These cover major cloud providers and common security testing terminology. | 3 / 3 |
| Distinctiveness Conflict Risk | Very clear niche focusing specifically on cloud penetration testing across AWS/Azure/GCP. The combination of 'penetration testing' + specific cloud providers + 'exploit cloud misconfiguration' creates distinct triggers unlikely to conflict with general security or cloud management skills. | 3 / 3 |
| Total | 10 / 12 Passed | |
Implementation
64%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a comprehensive cloud penetration testing skill with excellent actionability - nearly all commands are executable and copy-paste ready. However, it's verbose for a skill file, duplicates information between workflow sections and quick reference tables, and lacks explicit validation checkpoints critical for authorized security testing (e.g., scope verification before each phase).
Suggestions
Add explicit validation checkpoints between phases (e.g., 'Verify you have authorization for this subscription before proceeding', 'Confirm target is in scope')
Move detailed platform-specific enumeration commands to separate reference files (e.g., azure-commands.md, aws-commands.md, gcp-commands.md) and keep SKILL.md as an overview
Remove the 'Required Knowledge' section - Claude already understands cloud architecture and IAM concepts
Consolidate quick reference tables with workflow sections to reduce duplication
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is comprehensive but includes some unnecessary sections like 'Required Knowledge' (Claude knows cloud fundamentals) and verbose explanations. The quick reference tables duplicate information already shown in the workflow sections. | 2 / 3 |
| Actionability | Excellent executable code throughout with copy-paste ready commands for Azure PowerShell, AWS CLI, and GCP CLI. Specific examples with real command syntax and expected outputs make this highly actionable. | 3 / 3 |
| Workflow Clarity | Clear phase-based structure (11 phases) but lacks explicit validation checkpoints between phases. For security testing involving potentially destructive operations, there should be verification steps to confirm scope compliance and avoid unintended access. | 2 / 3 |
| Progressive Disclosure | The skill is quite long (~400 lines) with all content inline. The quick reference tables help, but detailed enumeration commands for each platform could be split into separate reference files. Only one external reference exists at the end. | 2 / 3 |
| Total | 9 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (506 lines); consider splitting into references/ and linking | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |